Industry wide impacts of Nigeria deploying EMV to fight fraud

As of 1st quarter 2008, more than 730 million EMV payment cards were in use worldwide, two-thirds of the world’s EMV cards and devices are in Europe with nearly 50% of cards and POS and more than two thirds of ATMs enabled.

In the UK after four years of EMV deployment card fraud loss rate declined 48% from 18 to 12 basis points from 2001 to 2008, while overall card spend nearly doubled, overall card fraud increased 48% from 2001 to 2008, at a global level, the Nilson report estimated card fraud of $5.5 Billion on $11.8 Trillion purchases in goods and services and cash advances in 2007. The true cost of fraud, however exceeds the actual monetary amount of losses, financial services companies incur damage to their reputations, higher overall operating costs for increased vigilance, reduced productivity and higher staff expenditures, and they also bear the cost of re-issuing cards after a fraud incident.

Fraud is a global issue, in its broadest sense, it is a deception carried out for personal gain although it has a more specific legal meaning, the exact details varying between jurisdictions. Fraud in manifested in many forms in the banking system some of which are attributable to bank malpractices, corrupt officials, negligence and disgruntled employees to mention a few. The Nigerian payment systems management bill of 2009 is a step in the right direction for combating the multifaceted nature of fraud in the payments system especially as regards the payment card value chain.

Acquirers and Issuers understand that losses emanating from card fraud affect card usage rates, authorization parameters, operational processes and staffing while also decreasing profit margins. Furthermore, these losses can endanger the most valuable asset acquirers and issuers have –their relationships with business partners and consumers. It follows clearly that the industry should pay close attention to new technology and processes that may prove to be effective in combating fraud. EMV an instance of the chip payment technology is an example of one such methods.

The adoption of EMV has been coupled with the Personal Identification Number (PIN) stored on the chip, the PIN replaces the card holder signature, significantly improving protecting against loss and theft. ATM skimming fraud losses have also decreased by up to 55% with the deployment of EMV compliant ATM machines. While EMV has helped reduce payment card fraud, e-commerce web based fraud is still a cause of concern, the payment industry will need to build on the progress with EMV to combat fraud via this channel; however VISA and master card have recorded some progress with the Dynamic Passcode Authentication and Chip Authentication Program respectively.

It is very difficult to prevent the data on a magnetic stripe from being copied and used for unauthorized transactions as the card security code is static and does not change for every transaction, chip cards provide a new security feature called Dynamic Data Authentication (DDA), DDA generates an encrypted value for every transaction, these encrypted tokens are very difficult to replicate and presents a better security model over static magnetic stripe security tokens.

Initial investment in EMV is future proofing the payment system for security in long term. Benefits to issuers in this case the banks include increased profit from fewer loses due to fraud, merchants will profit from fewer charge backs and consumers or card holders will profit from improved service delivery and security levels. It is important to note that EMV is not the proverbial heaven of smart card payment systems; stakeholders should understand that security measures are to be updated regularly to remain a step ahead of fraudsters. Another added advantage of the chip model is the fact that security can be incrementally increased over time which supports the need to update security mechanisms on an ongoing basis.

Like this:

Published by olasemo

Oladipo Olasemo is self driven and self motivated and has over 5 years experience in software development and architecture as well as e-business consulting. He has facilitated the delivery of several internet portal projects, workflow intranet solutions as well as several business process automation packages. He was the team lead in architecting an e-Government portal for 52 Ministries, Department and Agencies for Cross Rivers State Government as well as a team lead in the development of a web based multiple payment/multiple recipient solution for bank PHB plc. He was a team member in the delivery of over 40 school portals (Edlink Portal) for various tertiary institutions in Nigeria and Ghana. As an e-business consultant, he was involved in the company setup and strategy formulation for Finconnekt Limited a technology company providing service oriented financial software to microfinance banks in Nigeria, he was also responsible for the business plan and financial models for Easy Communications Limited for an online e-commerce portal venture (e-Buy). Oladipo posseses a bachelor’s degree in chemical/polymer engineering from the Lagos State University. He also possesses several certifications some of which include a Microsoft Certified Professional Developer (MCPD), Microsoft Certified Technology Specialist (MCTS) and ITIL Foundation version 3.
View all posts by olasemo

Post navigation

Indeed changes have been made tot he deploymetn of card systems in Nigeria from Magstripe to Chip-cards, but incidences of card fraud still recorded shows that the system is still fraught with anomalies and deception. For example, the DDA system you described in you post is only heasrd of in Nigeria, but not practiced, and this is a fundamental aspect of the security system surrounding the use of Chip/EMV cards…

While we seek to be at par with our contemporaries abroad in the use of technology, we also need to be sure that we’re not just deploying these technologies because it is the “hype in town”… for the first time since I started using ATM cards in over 5 years, card fraud came close to home when my brother in-law had his Verve card cloned and his account cleaned out…. how could this happen with all the so-called security that is “supposed” to surround the card?

Very interesting article Mr. Olasemo. Despite the advances in fraud protection technology, through the introduction of the EMV standard, it is evident that the current technology is still far from full proof. I would really like to get the opinion of the author on how the use of biometrics could aid in addressing the current security gaps and the viability of current options that we have available.

The truth here is that there is no perfect secure system. Even the most secure systems in the world are still susceptible to the human factor. The human factor is represented in the social engineering skills of some crackers, hackers and fraudsters which leaves people not well versed in the security procedures to reveal vital information which these unscrupulous people can levarage to carry out their nefarious activities.

Anyway, EMV is a lot more secure than Magnetic Stripe in all areas, though it is not perfect, its all a work in progress…. thanks for your input beke.

@ Wole, well Biometrics itself is fraught with a lot of issues and can only be deployed sucessfully in a controlled enviroment. Permit me to give you a scenario, a mechanic just gets off from work and decides to withdraw some money from the closest ATM, he struts to the ATM confidently believing he will be sucessfull, but he is discouraged because the ATM tells him that the action cannot be completed, you may aske me why? ofcourse his smudgy fingers laced with all kinds of engine oil. Enrollment and verification if not properly handled can be another source for customer dissatisfaction.

Ofcourse, I agree with you for the need of a 2 Factor authentication and authorization scheme to raise the profile of the security in all our ecommerce transactions, but it has to be done with great care. Even biometrics is not fool proof, especially with finger print authentication, people have been known to steal fingerprints off other people and use it to pose as the said person in other security schemes…. no system is 100 percent secure… work in progress i say again

I feel you on that Ade, it can be quite annoying when you need to get some quick cash and you find out your card has been blocked. I guess its a lot better to have a blocked card rather than an empty bank account…. what say you? unh? 🙂